Information
Google Chrome performs revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates. If Google Chrome is unable to obtain revocation status information, such certificates will be treated as revoked ('hard-fail').
Rationale:
Certificates shall always be validated.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled:
Computer Configuration\Administrative Templates\Google\Google Chrome\Whether online OCSP/CRL checks are required for local trust anchors
Impact:
A revocation check will be performed for server certificates that successfully validate and are signed by locally-installed CA certificates. if the OCSP server goes down, then this will hard-fail and prevent browsing to those sites.
Default Value:
Disabled. Google Chrome will use the existing online revocation checking settings.